404 instead of 405 when secret metadatum method not allowed

Bug #1554350 reported by Fernando Diaz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Barbican
Fix Released
Low
Fernando Diaz

Bug Description

When anything except a GET, PUT, or DELETE is done on the Secret Metadatum Controller is performed a 404 is given when a 405 should be given.

Example:
vagrant@vagrant-ubuntu-trusty-64:~$ curl -X PUT -H "content-n" -H "X-Auth-Token: $TOKEN" -d '{ "metadata": {
        "description": "contains the AES key",
        "geolocation": "12.3456, -98.7654"
      }
    }' http://localhost:9311/v1/secrets/4b500dc9-7e14-4c9f-8dec-60116cff3cf9/metadata

{"metadata_ref": "http://10.0.2.15:9311/v1/secrets/4b500dc9-7e14-4c9f-8dec-60116cff3cf9/metadata"}

vagrant@vagrant-ubuntu-trusty-64:~$ curl -H "X-Auth-Token: $TOKEN" http://localhost:9311/v1/secrets/4b500dc9-7e14-4c9f-8dec-60116cff3cf9/metadata/description
{"key": "description", "value": "contains the AES key"}

--------------Error--------------------------
Now when performing a HEAD:
vagrant@vagrant-ubuntu-trusty-64:~$ curl -X HEAD -H "X-Auth-Token: $TOKEN" http://localhost:9311/v1/secrets/4b500dc9-7e14-4c9f-8dec-60116cff3cf9/metadata/description
curl: (18) transfer closed with 56 bytes remaining to read

Server:
2016-03-08 05:42:02.158 INFO barbican.api.middleware.context [req-1553f517-87de-4d11-866e-61d687404e4c ad913a352dee4511a1cc2238c9a9804c 1e24e761bf2b4f058f45e813af35534e] Processed request: 404 Not Found - HEAD http://localhost:9311/v1/secrets/4b500dc9-7e14-4c9f-8dec-60116cff3cf9/metadata/description

Now when performing a POST:
vagrant@vagrant-ubuntu-trusty-64:~$ curl -X POST -H "X-Auth-Token: $TOKEN" http://localhost:9311/v1/secrets/4b500dc9-7e14-4c9f-8dec-60116cff3cf9/metadata/description
{"code": 404, "description": null, "title": "Not Found"}

Fernando Diaz (diazjf)
Changed in barbican:
importance: Undecided → Medium
Revision history for this message
Fernando Diaz (diazjf) wrote :
Download full text (4.0 KiB)

Debugging:

vagrant@vagrant-ubuntu-trusty-64:~$ telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
> /opt/stack/barbican/barbican/api/controllers/secretmeta.py(115)__init__()
-> LOG.debug('=== Creating SecretMetadatumController ===')
(Pdb) n
> /opt/stack/barbican/barbican/api/controllers/secretmeta.py(116)__init__()
-> self.user_meta_repo = repo.get_secret_user_meta_repository()
(Pdb) n
> /opt/stack/barbican/barbican/api/controllers/secretmeta.py(117)__init__()
-> self.secret = secret
(Pdb) n
> /opt/stack/barbican/barbican/api/controllers/secretmeta.py(118)__init__()
-> self.metadatum_validator = validators.NewSecretMetadatumValidator()
(Pdb) print secret
<barbican.model.models.Secret object at 0x7f25cb292750>
(Pdb) n
--Return--
> /opt/stack/barbican/barbican/api/controllers/secretmeta.py(118)__init__()->None
-> self.metadatum_validator = validators.NewSecretMetadatumValidator()
(Pdb) print metdatum_validator
*** NameError: name 'metdatum_validator' is not defined
(Pdb) printself.metadatum_validator
*** NameError: name 'printself' is not defined
(Pdb) print self.metadatum_validator
<barbican.common.validators.NewSecretMetadatumValidator object at 0x7f25cb236ed0>
(Pdb) n
> /opt/stack/barbican/barbican/api/controllers/secrets.py(82)_lookup()
-> remainder
(Pdb) n
--Return--
> /opt/stack/barbican/barbican/api/controllers/secrets.py(82)_lookup()->(<barbica...cb279f10>, (u'description',))
-> remainder
(Pdb) print remainder
(u'description',)
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(173)handle_lookup_traversal()
-> if result:
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(174)handle_lookup_traversal()
-> prev_obj = obj
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(175)handle_lookup_traversal()
-> obj, remainder = result
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(177)handle_lookup_traversal()
-> cross_boundary(prev_obj, obj)
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(178)handle_lookup_traversal()
-> return result
(Pdb) n
--Return--
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(178)handle_lookup_traversal()->(<barbica...cb279f10>, (u'description',))
-> return result
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(156)lookup_controller()
-> if result:
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(160)lookup_controller()
-> remainder == [''] and
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(164)lookup_controller()
-> obj_, remainder_ = result
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/pecan/routing.py(165)lookup_controller()
-> return lookup_controller(obj_, remainder_, request)
(Pdb) n
HTTPNotFound: <HTTPNot...ot Found>

The exception that is hit is:
2016-03-08 06:17:59.932 ERROR barbican.api.controllers.secrets [req-f6af22ad-4a5b-468d-a45b-484ca47f1171 ad913a352dee4511a1cc2238c9a9804c 1e24e761bf2b4f058f45e813af35534e] <pecan.core.ObjectProxy object at 0x7fa28072fd50>
2016-03-08 06:17:59.932 TRACE barbican.api.controllers.secrets Traceback (most recent call last):
2016-03-08 06:17:59.932 TRACE barbican.api.controllers.secrets ...

Read more...

Fernando Diaz (diazjf)
Changed in barbican:
importance: Medium → Low
Fernando Diaz (diazjf)
Changed in barbican:
assignee: nobody → Fernando Diaz (diazjf)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to barbican (master)

Fix proposed to branch: master
Review: https://review.openstack.org/290765

Changed in barbican:
status: New → In Progress
Fernando Diaz (diazjf)
Changed in barbican:
milestone: none → mitaka-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/290765
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=6f97d23ce7fdff6d26ed0cf909e2516cd0d61ae6
Submitter: Jenkins
Branch: master

commit 6f97d23ce7fdff6d26ed0cf909e2516cd0d61ae6
Author: Fernando Diaz <email address hidden>
Date: Wed Mar 9 17:20:40 2016 +0000

    Throw 405 when specified method not allowed in Secret Metadatum

    This patch resolves a bug where a 404 was being thrown instead of
    a 405, when an invalid method was performed. It was because
    pecan index() can't handle fallback when a method consumes
    additional arguments.

    Change-Id: I8daddba238a977baa6d0366b2412b626df247d8e
    Closes-Bug: #1554350

Changed in barbican:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/barbican 2.0.0.0rc1

This issue was fixed in the openstack/barbican 2.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers